infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

* add uri-encoding as an evasion method (though, exploits could hard code it if they need to...) 

git-svn-id: file:///home/svn/incoming/trunk@3516 4d416f70-5f16-0410-b530-b9f4589650da
unstable
bmc 2006-02-06 22:48:10 +00:00
parent 16156c8aea
commit ca315abe1b
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/msf/core/exploit/http.rb
View File

@ -28,6 +28,7 @@ module Exploit::Remote::HttpClient
register_evasion_options(
[
OptEnum.new('HTTP::uri_encode', [false, 'Enable URI encoding', 'none', ['none','hex-normal', 'hex-all', 'u-normal', 'u-all'], 'none']),
OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', 'false']),
OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']),
OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']),
@ -125,8 +126,11 @@ module Exploit::Remote::HttpClient
end
request = c.request(opts)
if (datastore['HTTP::uri_encode'] && datastore['HTTP::uri_encode'] != 'none')
request.uri_encode_mode = datastore['HTTP::uri_encode']
end
if (datastore['HTTP::chunked'] == true)
request.auto_cl = false
request.transfer_chunked = true